CVE-2014-6322
published 2014-11-11CVE-2014-6322: The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold…
PriorityP273medium4.3CVSS 2.0
AVNACMAuNCNIPAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
12.97%
95.8th percentile
The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m8cg-423w-qg9g: The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2014-6322 [MEDIUM] CWE-20 GHSA-m8cg-423w-qg9g: The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."
Project0
Windows 10^H^H Symbolic Link Mitigations - Project Zero
project_zero·2015-08-01
CVE-2014-0568 Windows 10^H^H Symbolic Link Mitigations - Project Zero
Posted by James Forshaw, abusing symbolic links like it’s 1999.
For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they’re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use.
This blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in MS15-090) as far back as Windows Vista which chan
VulnCheck
Microsoft Windows Improper Input Validation
vulncheck·2014·CVSS 4.3
CVE-2014-6322 [MEDIUM] Microsoft Windows Improper Input Validation
Microsoft Windows Improper Input Validation
The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/unit42-the-old-and-new-current-trends-in-web-based-threats/
No detection rules found.
No public exploits indexed.
Unit42
The Old and New: Current Trends in Web-based Threats
blogs_unit42·2018-06-20·CVSS 9.3
[CRITICAL] The Old and New: Current Trends in Web-based Threats
Summary
In this blog, Unit 42 is sharing analysis and statistics from our Email Link Analysis (ELINK) from the first quarter of 2018 and highlighting interesting findings of current web threats. We will first describe statistical information about CVEs, malicious URLs and Exploit Kits (EKs), then discuss the current life cycle of these web-based threats, and wrap up with two case studies about evolving EKs and a cryptocurrency miner.
Statistics analysis
CVEs
In the first quarter of 2018, we found 1583 malicious URLs across 496 different domains. Attackers used at least 8 old and public vulnerabilities as shown in Figure 1. The Top 3 CVEs used are
1. CVE-2014-6332: exploited by 774 malicious URLs
2. CVE-2016-0189: exploited by 219 malicious URLs
3. CVE-2015-5122: exploited by 85 malici
Unit42
The Old and New: Current Trends in Web-based Threats
blogs_unit42·2018-06-20·CVSS 9.3
CVE-2014-6332 [CRITICAL] The Old and New: Current Trends in Web-based Threats
Threat Research Center
Trend Reports
Vulnerabilities
## The Old and New: Current Trends in Web-based Threats
Tao Yan
Bo Qu
Zhanglin He
Rongbo Shao
Published: June 20, 2018
Malware
Trend Reports
Vulnerabilities
CVE-2014-6332
CVE-2016-0189
EK
Exploit kit
KaiXin
Rig
Sundown
Summary
In this blog, Unit 42 is sharing analysis and statistics from our Email Link Analysis (ELINK) from the first quarter of 2018 and highlighting interesting findings of current web threats. We will first describe statistical information about CVEs, malicious URLs and Exploit Kits (EKs), then discuss the current life cycle of these web-based threats, and wrap up with two case studies about evolving EKs and a cryptocurrency miner.
Statistics analysis
CVEs
In the first quarter of 2018, we found 1
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
blogs_talos·2014-11-11·CVSS 7.8
[HIGH] Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
## Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.
We’ll start off with the four critical bulletins, for a total of 21 CVEs that can result in remote code execution:
Our first bulletin of the month is MS14-064 and fixes two vulnerabilities ( CVE-2014-6332 , CVE-2014-6352 ) in Windows Object Linking and Embedding (OLE) that could allow remote code execution. Both issues are seei
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
blogs_talos·2014-11-11·CVSS 7.8
[HIGH] Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.
We’ll start off with the four critical bulletins, for a total of 21 CVEs that can result in remote code execution:
Our first bulletin of the month is MS14-064 and fixes two vulnerabilities (CVE-2014-6332, CVE-2014-6352) in Windows Object Linking and Embedding (OLE) that could allow remote code execution. Both issues are seeing attack in the wild and can be considered 0-days. CVE-2014-6352 is a vulnerabil
http://secunia.com/advisories/59968http://www.securityfocus.com/bid/70978http://www.securitytracker.com/id/1031191https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-071http://secunia.com/advisories/59968http://www.securityfocus.com/bid/70978http://www.securitytracker.com/id/1031191https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-071
2014-11-11
Published
Exploited in the wild